EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.
Recent Searches
As investment fund managers move quickly to adapt to new regulations and adopt emerging technologies, internal auditors play a crucial role in ensuring the robustness of operations and compliance with regulatory expectations. From an internal audit perspective, what are the key regulations firms should pay particular attention to in 2025?
Get ready for the DORA application date on 17 January 2025
DORA is set to establish a unified regulatory framework for digital resilience in the financial sector from 17 January 2025. It mandates ICT governance, risk management, standardized ICT incident reporting, cyber resilience testing, and oversight of third-party ICT service providers, including a framework for critical providers. DORA aims to bolster operational resilience for IFMs, requiring a collective effort from various roles to grasp and mitigate ICT risks. Internal auditors must ensure that IFMs have implemented comprehensive ICT governance and risk management controls, incident reporting protocols, cyber resilience testing procedures and a robust oversight framework for managing third-party ICT service risks to comply with DORA.
Pay attention to organization arrangements related to sustainability risks, among others
On 22 March 2024, the CSSF published the supervisory priorities in the area of sustainable finance, where the CSSF will persist in overseeing IFMs' adherence to sustainability provisions under SFDR, SFDR RTS and the Taxonomy Regulation as well as principles and guidance laid down in the ESMA Supervisory Briefing on Sustainability risks and disclosures in the area of investment management. The key areas of attention for internal auditors should be oriented on the IFMs' organizational arrangements for integrating sustainability risks, verifying compliance of pre-contractual and periodic disclosures, consistency in fund documentation and marketing, website disclosures and portfolio analysis.
Continue to prioritize all AML aspects
Anti-money laundering (AML) remains a priority for IFMs to ensure the maintenance of their financial integrity. The main points of focus for internal auditors include verifying that IFMs refine their controls for name matching tools to ensure they are current and precise, enhance their alert review process with dual-approval systems, and maintain comprehensive and up-to-date customer files, particularly concerning the verification of sources of funds, wealth origins, and beneficial ownership. Additionally, internal auditors shall ensure that IFMs have bolstered their transaction monitoring process, guaranteeing swift reporting of any suspicious transactions and reinforcing the oversight over delegated AML activities.
Ensure valuation frameworks are refined
Since the publication on the CSSF feedback report on the ESMA CSA report on 18 July 2023, internal auditors are urged to ensure that IFMs have refined their valuation framework by ensuring clear, concise valuation policies and procedures with defined roles and responsibilities and regular updates requiring senior management approval. In addition, internal auditors shall verify that IFMs have incorporated liquidity stress testing outcomes into asset valuation under stressed market conditions, specifically for less liquid assets, and that IFMs have established monitoring systems to determine potential liquidity and valuation issues. Internal auditors shall verify that IFMs are maintaining a robust valuation framework to assess the consistency of the valuation models used (review of assumptions, financial models, inputs and data quality, and backtesting).
Internal auditors are also expected to verify that IFMs have implemented early detection mechanisms for valuation errors, in line with CSSF Circular 24/856 effective 1 January 2025, which introduces stringent governance standards and new tolerance thresholds to safeguard investors against NAV calculation errors and non-compliance with the investment rules and other errors at the UCI level.
As investment fund managers brace for the regulatory shifts anticipated in 2025, the role of internal auditors in forecasting and preparing for these changes becomes increasingly critical. Partnering with a trusted advisor can demystify this complex landscape, offering specialized expertise and proactive strategies to navigate the impending regulations.
Summary
From an internal audit perspective, the key point firms should pay particular attention to in 2025 include the DORA application date in January, paying attention to organization arrangements related to sustainability risks, to continue prioritizing all AML aspects, and ensure that valuation frameworks are refined.
Related articles
Anti Money Laundering (AML) and Securitization: There is a way to ensure compliance
Luxembourg has implemented applicable EU and international rules and standards regarding Anti-Money Laundering (AML) and Counter Terrorist Financing (CTF). Against the heightened risk associated with financial transactions globally, increased regulatory watch has resulted in severe penalties, including hefty fines and imprisonment.
As the 17 January 2025 deadline for the Digital Operational Resilience Act (DORA) approaches, financial entities face challenges in compliance, often underestimating the effort required. Here are key insights to dispel common myths:
Embracing the future: ISSB standards and the ESG reporting evolution
This article offers an overview of the ISSB Standards, the practical steps organizations can take to align with those, ensuring robust governance and strategic integration of ESG considerations into their core business processes, as well as importance of the assurance over the disclosed information.